Sage Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 986
de: 6
fr: 2
es: 2
pt: 2


Country

us: 24
de: 6
gb: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Android: 32
Linux Kernel: 30
Google Chrome: 22
PHP: 18
Mozilla Firefox: 16


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Oracle Enterprise Manager OSS Support Tools 7pk security | 6.9 | 6.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.78577 | CVE-2015-1793 |
| 2 | Oracle Agile Engineering Data Management 7pk security | 5.9 | 5.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.01 | 0.78577 | CVE-2015-1793 |
| 3 | Oracle Transportation Management race condition | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.07559 | CVE-2015-1791 |
| 4 | OpenSSL x509 Basic Constraints x509_vfy.c X509_verify_cert 7pk security | 6.5 | 6.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.01 | 0.78577 | CVE-2015-1793 |
| 5 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.75 | 0.00954 | CVE-2015-5911 |
| 6 | Veritas NetBackup DiscoveryService path traversal | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-42305 |
| 7 | ikus060 rdiffweb Cleanup cleanup | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-3301 |
| 8 | Blossom Recipe Maker Plugin cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-37338 |
| 9 | GLPI API sql injection | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.09029 | CVE-2022-35947 |
| 10 | Linux Kernel Device nvme_dev_ioctl denial of service | 4.5 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2022-3169 |
| 11 | Seiko SkyBridge MB-A200 system.conf hard-coded password | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-36560 |
| 12 | Apple tvOS Kernel memory corruption | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01271 | CVE-2016-7606 |
| 13 | Siemens SICAM PAS input validation | 7.3 | 7.2 | $5k-$25k | $5k-$25k | Not Defined | Workaround | 0.00 | 0.01055 | CVE-2016-9156 |
| 14 | Red Hat Ceph Storage inadequate encryption | 4.5 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01108 | CVE-2021-3979 |
| 15 | TOTOLINK A3700R UploadFirmwareFile command injection | 6.6 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01005 | CVE-2022-36460 |
| 16 | taocms path traversal | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2022-36261 |
| 17 | Serendipity functions_entries.inc.php sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01061 | CVE-2017-5609 |
| 18 | Advanced Comment Form Plugin Setting cross site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2022-3220 |
| 19 | Pidgin MXIT Protocol out-of-bounds write | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02839 | CVE-2016-2371 |
| 20 | Mozilla Firefox WebDriver access control | 5.0 | 4.8 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.07 | 0.00885 | CVE-2022-22757 |

IOC - Indicator of Compromise (50)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (171)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

